[Video] How Anyone Can Hack Your WordPress Site In Less Than 5 Minutes And How To Prevent It

This webinar, hosted by Dre Armeda (CEO & Founder of Sucuri Inc.), covers how anyone can hack your WordPress site in less than 5 minutes (which he actually demos live) … and what you can actually do to prevent it.

Topics Covered

Free Ebook: 11 Things to Do with Every New WordPress Install

So you just installed WordPress — awesome! Getting started can be overwhelming, but we’re here to help.Here are 11 key things you can do right now to make a
great WordPress site. Enter your email below to get the free ebook.

WordPress or Joomla or any other CMS Platform sites are very easy to hack if you’re not aware of the security of your websites. Installing Plugins and Free Themes may cause in many situations. Better to avoid installing Free theme and better to buy any theme from iThemes or from somewhere else.

Once I had my wp site hacked due to non regularly updates (it was version 2.xx) since then I use only HTML + CSS sites, so no more hassels, no more updates & not using any php files except for the contact page, Do I still need to worry about those hack attempts explained above in the video ??
—
Concerning the demonstration wp hack, What if the “wp-admin” folder protected against the IP ? simply by adding .htaccess ip allow deny rule (so that way only I can access to the admin panel even with the pw )

[…] 2. Restrict login attempts using the Limit Login Attempts plugin for WordPress. Most sites are compromised using a “brute force” attack where an automated system discovers your admin account user name then tries a list of passwords against it. By limiting the number of login attempts, the bot can only try a few times and then has to wait an hour or so try again, this makes it impossible for them to go through their password list. Want to see how it works? Here’s @dremeda hacking a WordPress site in 5 minutes [Video]. […]

OMG- My website got hacked last year, and it was such a mess. I had 2 other websites hosted on my same FTP server, and they were all being redirected to some weird website selling pharmaceuticals or something. I worked on it for probably 2 days before I gave in and started looking for professional help. I found a website called eSecurityPros.com and worked with their technicians. They had my sites completely fixed, up and running in a day. The whole thing costs about $200, but definitely worth it. I’d recommend them to anyone.

@Robert Collins
Reducing login attempts against a 90,000 strong botnet is a useless tactic on its own. Login attempts are based on IP address. With that many addresses and that much badwidth, the brute force would be insanely fast. About as fast as the server could handle. Which is why it bogs you down. It’s using all is resources processing the information and bandwidth from the botnet.
Login attempt isn’t a bad idea, but definitely add in the other security measures.

Respond

Free Ebook: 11 Things to Do with Every New WordPress Install

So you just installed WordPress — awesome! Getting started can be overwhelming, but we’re here to help.
Here are 11 key things you can do right now to make a
great WordPress site. Enter your email below to get the free ebook. You'll also get other iThemes news & updates sent to your inbox.

So you just installed WordPress—awesome! Getting started can be overwhelming, but we’re here to help.
Here are 11 key things you can do right now to make a great WordPress site. Enter your email below and we'll send you the download link.